Skip to content

gsandahl/example-report-generation

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.python-version
.python-version
 
 
README.md
README.md
 
 
main.py
main.py
 
 
soc2_gap_analysis_report_llm_v2.md
soc2_gap_analysis_report_llm_v2.md
 
 

Repository files navigation

SOC 2 Gap Analysis Tool

Analyze GitHub organization security against SOC 2 compliance controls and generate professional gap analysis reports.

What It Does

  • Evaluates 13 SOC 2 controls across Access Control, Change Management, Security Monitoring, and Vulnerability Management
  • Analyzes GitHub org settings including 2FA, branch protection, code scanning, and third-party apps
  • Generates professional reports with compliance status, violations, and action items
  • Uses AI-powered analysis via Opper for intelligent assessment

Quick Start

  1. Install dependencies:

    pip install opperai pydantic

  2. Set your Opper API key:

    export OPPER_API_KEY="your-api-key-here"

    Get your key at platform.opper.ai

  3. Run the analysis:

    python main.py

The tool includes 3 example scenarios:

  • High-security org (default) - Shows best practices
  • Mixed compliance - Realistic mid-sized company
  • Poor security startup - Multiple violations

Sample Output

# SOC 2 Gap Analysis Report

## Executive Summary
Organization shows strong security posture with comprehensive controls...

## Action Items
- [ ] Enable organization-wide 2FA enforcement
- [ ] Review third-party app permissions

## Detailed Findings

### Access Control
**CC6.1 - Enforce Organization-wide 2FA**
- Status: Compliant
- Violations: None

Customization

Switch between example scenarios in main.py:

# High security (default)
GITHUB_STATUS_DATA = GITHUB_STATUS_DATA_SECURE_TECH

# Mixed compliance  
GITHUB_STATUS_DATA = GITHUB_STATUS_DATA_ACME

# Poor security
GITHUB_STATUS_DATA = GITHUB_STATUS_DATA_STARTUP

Or replace with your own GitHub organization data following the same structure.

Architecture

3-stage AI pipeline:

  1. Individual Control Analysis - Evaluate each SOC 2 control separately
  2. Summary Generation - Consolidate findings into executive summary
  3. Report Generation - Create formatted Markdown report

Built with Opper for reliable, structured AI outputs.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages